Reset Password, but don’t allow Username, only Email
-
Okay, this has been driving me batty.
So that the password recovery isn’t spammed by someone to some random member, HOW can you prevent (stop, halt, not allow, etc.) Reset Password with username, and the person requesting to reset password for account can ONLY use their Email address?
I’ve hit a wall, considered core hacking if need be — I don’t care — I really need some guidance, an answer, a suggestion, a hack, a snippet of code that goes in the functions.php — ANYTHING.
I already am using a plugin that works for admin account, kindah (it just doesn’t allow admin account to request reset password)…
What I really really really am seeking? An answer to ONLY allowing emails to request a password reset. No username, no name, no nickname, no nothing else, just an email address to reset password.
Sorry, as you can see in this post, I am a desperate, extremely frustrated… . Hours of searching, trying different things and nothing works to prevent username.
Thanks for any, ANY advise, guidance, code, functions.php snippet, revelation, prayers, chants, magick, ANYthing at this moment to find an answer.
-
The function you want to rewrite a bit is located in wp-login.php:280
function retrieve_password()
I’m not sure it it’s pluggable (i.e. I’m not sure if you could overwrite this function with a plugin).
(The row number was for WP 4.8, shouldn’t be too far off for 4.7.5)
- The topic ‘Reset Password, but don’t allow Username, only Email’ is closed to new replies.